SNS XSS

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2019-014 07/02/2019 medium v2

Vulnerability details

On an SNS firewall where certificate-based authentication is activated, some url can be crafted to produce an XSS which can result in session cookie stealing, or redirection to a phishing page.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted
Netasq medium Netasq is impacted

Revisions

Version Date Description
v1  07/02/2019 Initial release
v2 10/07/2019 Add SNS 2.x fix versions

 



Stormshield Network Security

CVSS v2 Overall Score: 5.8      

Analysis

Impacted version

On an SNS firewall where certificate-based authentication is activated, some url can be crafted to produce an XSS which can result in session cookie stealing, or redirection to a phishing page.
  • SNS 2.X
  • SNS 3.X

Workaround solution

Solution

The vulnerability doesn’t occur if password authentication is used instead of certificate-based authentication.

The SNS 2.7.5, 2.15.0, 3.7.6 and 3.9.1 updates will fix this vulnerability

 



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network High Single Complete Complete Complete
CVSS Base score: 7.1 CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Workaround Confirmed
CVSS Temporal score: 5.8 CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:W/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 5.8 CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:W/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 5.8      

Analysis

Impacted version

On a Netasq firewall where certificate-based authentication is activated, some url can be crafted to produce an XSS which can result in session cookie stealing, or redirection to a phishing page.
  • Netasq 9.1.1

Workaround solution

Solution

The vulnerability doesn’t occur if password authentication is used instead of certificate-based authentication.

The 9.1.11 update will fix this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network High Single Complete Complete Complete
CVSS Base score: 7.1 CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Workaround Confirmed
CVSS Temporal score: 5.8 CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:W/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 5.8 CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:W/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)